Stuxnet Attacks Used 4 Windows Zero-Day Exploits

Posted by CmdrTaco on Tuesday September 14, 2010 @08:00AM from the i'll-exploit-you dept.

abadnog writes "The attackers behind the recent Stuxnet worm attack used four different zero-day security vulnerabilities to burrow into — and spread around — Microsoft's Windows operating system, according to a startling disclosure from Microsoft. Two of the four vulnerabilities are still unpatched. Microsoft said the attackers initially targeted the old MS08-067 vulnerability (used in the Conficker attack), a new LNK (Windows Shortcut) flaw to launch exploit code on vulnerable Windows systems and a zero-day bug in the Print Spooler Service that makes it possible for malicious code to be passed to, and then executed on, a remote machine. The malware also exploited two different elevation of privilege holes to gain complete control over the affected system."

6 of 67 comments (clear)

Min score:

Reason:

Sort:

Well, at least by by+(1706743) · 2010-09-14 08:07 · Score: 4, Funny

...zero-day bug in the Print Spooler Service...
it won't affect the iPad!

Yeah, yeah, -1 Troll, -1 Flamebait, -1 Offtopic...
4 != four by VMaN · 2010-09-14 08:07 · Score: 1, Funny

Who else was all ready to flame about 4 being used to mean "four"?
Then I read the rest of the summary for once...
1. Re:4 != four by jonescb · 2010-09-14 08:10 · Score: 2, Funny
  
  Do you mean "for"? Because 4 == four.
2. Re:4 != four by CannonballHead · 2010-09-14 08:14 · Score: 2, Funny
  
  When not four, 4 is 2 B.
  ... or maybe ! 2 B.
Gee What a Coincidence by Kernel+Rootkits · 2010-09-14 08:26 · Score: 2, Funny

It's funny how this happened right after Microsoft released the source code of Windows 7 to the Russian government...Just sayin...
Re:old news? by turbidostato · 2010-09-14 16:28 · Score: 2, Funny

"Hey Taco man you do realize this is recycled old news from about two month ago, don't you?"
Do you mean it's not zero-day news?